{"data":{"id":"8dc40ad0-cd2f-4645-99a2-b0f5398ad296","title":"GHSA-gg5m-55jj-8m5g: Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters","summary":"Graphiti versions before 0.28.2 had a Cypher injection vulnerability (a type of attack where malicious code is hidden in user input to manipulate database queries) in its search filters for non-Kuzu database backends. Attackers could exploit this by providing crafted labels through SearchFilters.node_labels or, in MCP deployments (a system where an AI model can call external tools), through prompt injection (tricking an LLM into executing attacker-controlled commands) to execute arbitrary database operations like reading, modifying, or deleting data.","solution":"Upgrade to version 0.28.2 or later. Version 0.28.2 added validation of SearchFilters.node_labels, defense-in-depth label validation in shared search-filter constructors, validation of entity node labels in persistence query builders, and validation of group_ids in shared search fulltext helpers. If you cannot upgrade immediately, do not expose Graphiti MCP tools to untrusted users or LLM workflows processing untrusted prompts, avoid passing untrusted values into SearchFilters.node_labels or MCP entity_types, and restrict graph database credentials to minimum required privileges.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-gg5m-55jj-8m5g","publishedAt":"2026-03-12T17:26:16.000Z","cveId":"CVE-2026-32247","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["prompt_injection","rag_poisoning"],"issueType":"vulnerability","affectedPackages":["graphiti-core@<= 0.28.1 (fixed: 0.28.2)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Graphiti","Neo4j","FalkorDB","Neptune","Kuzu"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-12T17:26:16.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"rag","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0051"]}}